Splunk Cloud Platform

Upgrade Heavy Forwarder from 9.0.x to 9.2.x

petsafe
Loves-to-Learn

I have a Splunk cloud instance that receives log from Linux server that has a Splunk Heavy Forwarder on it.

I am trying to update the Forwarder to 9.3.x, but found online I should step to 9.2.x first. It appears on the server that it's updated, and running the Splunk 9.2.0 as expected. I am also seeing metric.log files being shown on my cloud instance. But none of the other logs I have pushing from this server are showing up.

When I check the Splunk app CMC, it appears that the update has taken and is now showing in compliance.

I am not sure what I am doing wrong, or what logs you might need to help further figure out where the issue is. I only have about 6 months of Splunk experience so forgive me if this is a silly question.

Labels (3)
0 Karma

PaulPanther
Builder

@petsafe Please describe the steps that you executed for the upgrade. 

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...